from the assuring-no-standing-but-cutting-challenges-off-at-the-knee dept

When House Intelligence Committee ranking member Dutch Ruppersberger suggested replacing the NSA's bulk collections with something a bit more targeted, it was a little surprising. After all, this is the same man who has worked hand-in-hand with Mike Rogers to subject the NSA to as little oversight as possible over the last several years.

What he proposed sounded suspiciously like an old fashioned Pen Register, the sort of targeted call tracking that can easily be performed by any law enforcement/security agent. Julian Sanchez wondered why a new law was needed when one already on the books would suffice, provided it was scaled back from FISC judge Colleen Kollar-Kotelly's expansive interpretation.

Well, apparently the reason a new law was needed was to expand the NSA's powers, rather than contract them, contrary to the assertions of those pushing this legislation. As Mike noted on Tuesday, the bill aims to limit some aspects of the NSA's collections while simultaneously lowering the standards governing other collections. The bill dials back on "probable cause" and relies on "reasonable suspicion" only, while also eliminating the government's need to seek a warrant or court order to run a phone number for hits.

If the judge determines that such petition consists of claims, defenses, or other legal contentions that are not warranted by existing law or consists of a frivolous argument for extending, modifying, or reversing existing law or for establishing new law, the judge shall immediately deny such petition and affirm the directive or any part of the directive that is the subject of the such petition and order the recipient to comply with the directive or any part of it.

And here's what that wording appears to be targeting:

I can’t help believing much of this bill was written with cases like Lavabit and the presumed Credo NSL challenges in mind, as it uses language disdainful of legal challenges.

This makes it that much more unlikely that challenging an order from the NSA will result in anything other than compliance by the entity on the receiving end. This strips away a little more of the facade the government portrays -- that those receiving national security letters and the like actually have any choice in the matter.

When the government demanded the SSL keys so it could access the data and communications of Ed Snowden's former email provider, Lavabit fought back. First, it closed down rather than be "complicit in crimes against the American people." Then the government dragged the provider to court to get the information it sought and Lavabit's lawyers fought back.

This is the way the system is supposed to work. Orders can be challenged, even if the chance of overturning them is microscopic. If this part of the bill goes through unaltered, judges will be granted the permission to simply shut down any petition they think seeks to challenge any aspect of the laws pertaining to the NSA's surveillance programs. It's the NSA's heckler's veto, granted by the House Intelligence Committee and delivered by judges who will be forbidden from respecting any challenges to the government's interpretation of these laws.

from the get-your-act-together dept

While the USA Freedom Act isn't perfect, it is one bill in Congress that has a lot of support and will fix many problems with the current NSA overreach. Much more needs to be done, but the USA Freedom Act is a good starting point. And yet, the Obama administration and his Justice Department have yet to take a public stand on the bill, and that seems to be annoying plenty of folks in Congress. At the recent Judiciary Committee hearings, Rep. Jim Sensenbrenner, the original author of the Patriot Act and Section 215, made it abundantly clear that the DOJ/NSA's interpretation of his bill was simply incorrect and that they were abusing the system. As the sponsor of the USA Freedom Act to fix this misinterpretation, he pointed out that if the DOJ doesn't agree to support it, there's a good chance that Congress simply won't renew the provisions in Section 215 at all. Section 215, of course, is the part that has been misinterpreted by the DOJ, the FISA court, the NSA and the FBI to pretend it authorizes the collection of every phone record. In short, the message from Congress is: work with us to reform things, or we'll pull the authority altogether. Of course, some of us think that pulling the authority altogether might be a better long term solution.

And it's not just Sensenbrenner making those claims. Many others -- across the political spectrum -- made it clear during the hearing that the NSA's actions with regards to Section 215 were unacceptable and Congress is going to make them change things. Yes, nothing has happened yet, and Congressional bluster doesn't always lead to results, but it's becoming increasingly clear that the NSA (and the President's) desire to keep collecting everyone's metadata is not convincing anyone.

from the that-doesn't-seem-right dept

While so much attention has been paid to the special White House task force that was set up to look at the NSA situation, and the fact that President Obama is planning to announce his almost entirely cosmetic "reforms" for the NSA tomorrow, it seems that almost everyone has forgotten that there is an official Privacy and Civil Liberties Oversight Board (PCLOB) that is planning to give its own recommendations concerning the NSA's programs... only, it's after the President will have already announced his plans. Admittedly, it must be easy to forget about or ignore the PCLOB. As we discussed a year and a half ago, the federal government (under both Presidents Bush and Obama) left it entirely unstaffed for nearly five years. However, it does now exist and has also been investigating the NSA's programs and their impact on privacy and civil liberties.

Earlier this month, the PCLOB announced that it will be releasing its findings... in late January or after February. In other words, the recommendations will be after the President has already announced his plans. It does sound like the PCLOB report will be fairly thorough -- there will be one focused on Section 215 of the PATRIOT Act (the bulk metadata collection), a report on how FISC works, and a final report on Section 702 of the FISA Amendments Act. Basically, three separate looks at the most controversial aspects of the NSA's activities. And all of them coming after the President has already made up his mind.

Of course, while it might seem odd that the President would announce his plans just a few days before the government's official organization in charge of privacy and civil liberties announces its findings... it's not that odd if the whole point is to basically cut off any serious consideration of whatever they actually end up recommending. And, of course, you don't even have to be overly cynical to assume that's exactly what's happening.

from the as-expected dept

The expectation all along was that the President's intelligence task force was likely to recommend cosmetic changes while leaving the worst abuses in place. And, in fact, many of us were quite surprised to see the panel's actual recommendations had more teeth than expected (though, certainly did not go nearly far enough). It was pretty quickly suggested that President Obama wouldn't support the most significant changes, and now that he's set to announce his plan on Friday, it's already leaked out that he's going to support very minimal reforms that leave the problematic spying programs of the NSA effectively in place as is.

Mr. Obama plans to increase limits on access to bulk telephone data, call for privacy safeguards for foreigners and propose the creation of a public advocate to represent privacy concerns at a secret intelligence court. But he will not endorse leaving bulk data in the custody of telecommunications firms, nor will he require court permission for all so-called national security letters seeking business records.

As the NY Times says, he's taking the political way out, making sure not to upset the surveillance hawks:

The emerging approach, described by current and former government officials who insisted on anonymity in advance of Mr. Obama’s widely anticipated speech, suggested a president trying to straddle a difficult line in hopes of placating foreign leaders and advocates of civil liberties without a backlash from national security agencies. The result seems to be a speech that leaves in place many current programs, but embraces the spirit of reform and keeps the door open to changes later.

Yeah, but embracing "the spirit of reform" is not actually doing any reform. It's a bullshit approach guaranteed not to win anyone's approval, which seems to be the way the president often operates. Say you're going to do something, then offer a weakly compromised version of the plan and pretend you've actually done something big. It's not leadership, it's "let's talk big, and do little."

As the NY Times says, this "largely codifies existing practices."

Basically, this whole charade simply dumps the whole thing back into Congress's hands to try to push through real reform -- meaning that rather than letting President Obama decide what to do, we need to get things like the USA Freedom Act passed as a starting point, followed by more significant surveillance freforms.

from the oops dept

See, there's a problem when you lie: you always forget how to keep your story straight. You may remember, for example, that Senator Dianne Feinstein, at the end of October, released a bill that pretended to be about reforming the NSA and its surveillance programs. The bill was spun in a way that was designed to make people think it was creating real reforms, with a fact sheet claiming that it "prohibited" certain actions around bulk data collection, but which actually codified them in the law, by including massive loopholes. It was an incredibly cynical move by Feinstein and her staff, pretending that their bill to actually give the NSA even greater power and to legalize its abuses, was about scaling back the NSA. But that's the spin they put on it -- which almost no one bought.

But, it seems that even Feinstein has forgotten that her bill is supposed to pretend that it's about reining in the NSA. On Tuesday, the Senate Intelligence Committee met with the White House's task force, to discuss its recommendations for surveillance reform (which don't go far enough, but go way beyond what Feinstein wants). In discussing what happened in the meeting, Feinstein basically lets slip that she disagrees with the reforms suggested, and that support for her bill means that others are against reform as well:

Those recommendations were criticized by supporters of the NSA’s programs, including Intelligence Committee chair Dianne Feinstein, D-Calif., who has said that taking the information out of the government’s hands could put the country at risk. Feinstein has spoken out against proposed reforms that would require as much, and has sponsored her own committee bill that would preserve the agency’s methods.

“Our bill passed by 11-4, so you know there’s substantial support for the programs,” she said.

In other words, "my bill is for people who already support these programs." Exactly the opposite of what her marketing and public statements about the bill have been. Oops. Next time, she should try to not misrepresent her own bill, and maybe she can keep her story straight.

from the theatrical-reforms dept

Leaks coming out of the Obama administration suggest that the President is preparing mostly cosmetic changes to the intelligence community, following the recommendations from the intelligence task force -- which were much stronger than many expected. The reports suggest things like putting a public advocate to represent the public's views in certain cases before the FISC. This has been talked about for a while, and was the main concession plenty of people had been expecting anyway. That's hardly anything big.

The article talks about two other potential reforms. The first is shifting the holding of phone call metadata from the NSA to the phone companies, allowing the NSA to still search through it after getting a court order. While this may be a marginal improvement, it still has tremendous problems. It will almost certainly come with some sort of data retention law -- something that the feds have wanted for ages, and which civil liberties activists have been fighting against for years. Companies shouldn't be required to hang on to data they don't need, especially if getting rid of it can better protect their users' privacy. Furthermore, while not letting the NSA hang onto the data is a good thing, there is a reasonable concern that if the telcos are hanging onto the data themselves, that they, too, might do bad things with it, with little to no oversight.

However, most of the article from the LA Times focuses on National Security Letter (NSL) reform. We've written about those for years. NSLs are the way that the FBI can demand information from companies without any judicial review at all and, even more insane, with a complete gag order that prevents the recipient from telling anyone (including, at times, your lawyer). The FBI has an incredibly long history of "serious misuse" of NSLs, and has shown little to no interest in fixing the process. Nearly a year ago, a court actually ruled them unconstitutional, but there's an ongoing appeals process that will take quite a bit of time.

However, as the article notes, the DOJ/FBI and other surveillance maximalists are all horrified by the idea that Obama might actually require judicial approval of NSLs, for all but "emergency" situations. What this sounds like is that the President may suggest something along those lines, there will be a well coordinated press attack from surveillance hawks freaking out about the danger this puts us all in... and then he'll back down on that one point. And we'll be left with... basically nothing, but the President will go around insisting that he reformed the intelligence community, while everything more or less stays the same.

from the the-chess-game-continues dept

While many of us were surprised at the details of the White House's intelligence task force's proposals on reforming the surveillance system, Marcy Wheeler is already wondering if part of the reason for the White House to release this now, ahead of schedule, is to try to cut off the judicial reviews of the constitutionality of the various programs, as well as the legislative reforms winding their way through Congress. She argues that the report gives the President cover to delay many of these things, and even, potentially, ward off a full constitutional review in the courts -- such that things like the "third party doctrine" (allowing the government to get data from third parties without a warrant) never fully get tested again in court:

So long as the President deliberates on whether to accept these recommendations (which make changes but have obvious loopholes), he'll also buy time for DOJ to decide how to respond to these suits. Most important, for them, will be to protect the Third Party doctrine (which allows them to get information from telecoms and banks and other businesses), even if it means mooting the lawsuits by shifting the phone dragnet back to the providers.

I also think the first half (or so) of these recommendations are designed to moot the Leahy-Sensenbrenner bill (FREEDOM). Even if Obama accepted all the recommendations that parallel Leahy-Sensenbrenner (that would affect the phone dragnet, other bulk collection, National Security Letters, back door searches, and other use of incidentally collected US person data), it would still preserve Executive prerogative to resume such practices. They're not going to do that, mind you, but this will likely stall the debate over Leahy-Sensenbrenner until after Obama makes his decision on what to accept and reject.

All of that may be true -- and is a concern to monitor. But, at the very least, we're seeing increasingly mounting pressure for President Obama to enact real changes to these programs, rather than just defending them blindly.

from the about-time dept

Since the Snowden leaks began we've highlighted that the US internet companies should be furious about the NSA's actions, because it was almost certainly going to harm their ability to get any business outside of the US. Some of the companies seemed to be lying low, and we argued they should be speaking out and fighting back. While many of them did decide to sue for greater transparency, we argued that transparency was just one issue, and not even the most important one. About a month ago, with the revelations of the NSA infiltrating data centers, it appeared to finally dawn on the major internet companies that this was a serious issue.

Increase Oversight and Accountability (such as by making FISA an adversarial process)

Transparency About Government Demands

Respecting the Free Flow of Information

Avoiding Conflicts Among Governments

With the website, they've also sent a specific open letter to the government highlighting why this is important, focusing on the rights of individuals and the ability to keep their information private.

We understand that governments have a duty to protect their citizens. But this summer’s revelations highlighted the urgent need to reform government surveillance practices worldwide. The balance in many countries has tipped too far in favor of the state and away from the rights of the individual — rights that are enshrined in our Constitution. This undermines the freedoms we all cherish. It’s time for a change.

For our part, we are focused on keeping users’ data secure — deploying the latest encryption technology to prevent unauthorized surveillance on our networks and by pushing back on government requests to ensure that they are legal and reasonable in scope.

We urge the US to take the lead and make reforms that ensure that government surveillance efforts are clearly restricted by law, proportionate to the risks, transparent and subject to independent oversight.

Some will, undoubtedly, argue that this is all just noise for the sake of public perception, but compare what these companies are doing to the major telco companies, which not only have refused to comment on all of this, but have actively fought efforts by their own shareholders to make them just slightly more transparent (up to the level many internet companies were even before the Snowden leaks).

The question, now, is how much effort these companies will really put into getting Congress to change the laws. There are a number of different bills in Congress. Having the tech companies assist the efforts for real reform would certainly be helpful.

from the more-of-that-please dept

We've been arguing since the beginning of the Snowden leaks, that the tech industry should be much angrier than it is about all of this, because the fallout and blowback from this is going to impact these companies quite a bit. To date, the big tech companies have been fighting back, but it's mostly focused on the transparency issue, arguing in court that the gag orders barring them from talking about what the government has legally compelled them to do, is a violation of their First Amendment rights. And that's correct and an important fight, but we've been disappointed that the tech companies haven't supported even greater reforms and changes, including greater privacy protections. But that might be changing.

Obviously, the news of the NSA infiltrating private network links between data centers should make these companies even angrier. It appears that Google is getting there, though Yahoo still doesn't seem to realize what just happened.

However, in an interesting move that at least hints at potential further realization from the tech industry that they need to support user privacy rights, the big guys -- Google, Facebook, Apple, Microsoft, Yahoo and AOL -- have all sent a letter to Congress in support of the USA Freedom Act. In it, they once again talk up the importance of greater transparency. But, also, for the first time that I can remember, they appear to be arguing for even more:

Transparency is a critical first step to an informed public debate, but it is clear that more needs to
be done. Our companies believe that government surveillance practices should also be reformed
to include substantial enhancements to privacy protections and appropriate oversight and
accountability mechanisms for those programs.

And, even with the letter being sent today, it was almost certainly written and approved before yesterday's revelations -- meaning that this was before they realized the NSA was trying (and succeeding) to backdoor into their networks without their knowledge. Hopefully they'll start pushing for even more significant reforms as well. Some have argued that the tech industry has been complicit in the NSA surveillance efforts, while others have suggested they were compelled, or even tricked/hacked into it. The evidence suggests a combination of all of those factors (in varying degrees across the different companies). But if they want to actually regain the trust of their users, they should stand up for the rights of their users and support the efforts to create real change and to stop illegal surveillance, rather than just increasing transparency.

from the a-better-balancing-of-security-and-liberty dept

Ron Wyden, Mark Udall, Richard Blumenthal and Rand Paul held a press conference today to discuss proposed legislation for reforming the NSA's surveillance programs. The bipartisan group assembled here is looking for actual reform, rather than the light touch-ups that have made up the majority of the administration's contributions to the national security discussion.

The first proposal is to eliminate the Section 215 bulk records collections. As Wyden points out, no evidence exists that this data collection has led to the prevention of any terrorist attacks. Blumenthal adds to this point later in the press conference by referring to the oft-quoted "54 attacks prevented" statement as "bogus." Wyden also points out that the email records collection was already shut down (in 2011) for exactly this reason: no proven effectiveness. Wyden states that, with this bill, the dragnet collection of law-abiding citizens' information will be "outlawed."

Second, the bill will close the backdoor search loophole in the FISA Amendments Act that allows intelligence agencies to rifle through the communications of millions of Americans without a warrant. Originally, this was intended to search only foreign communications but that loophole (which had been closed in 2008) was reopened by a secret rule change in 2011. This would simply fix what should never have been there in the first place.

Third, Blumenthal's FISA Court Reform bill would be folded in, which would provide for a special advocate to act as an adversarial party in FISA court deliberations. As is pointed out later, this addition wouldn't unnecessarily burden the court. The advocate wouldn't be present for every warrant authorization but would sit in whenever major policy questions are being discussed in order to present the privacy and civil liberties side of the issue.

Fourth, the bill adds in Rand Paul's fix for the ongoing "standing" problem. As the system is set up now, it is extremely difficult to be granted standing to sue the government for civil liberties violations because of the secrecy surrounding the programs (although Snowden's leaks have greased the wheels a bit). Up until very recently, the courts have stated that if you can't prove the government is surveilling you, then you can't sue them for surveilling you. And since the government is in no hurry to hand out the data it's collected on American citizens, it's nearly impossible to obtain that proof. This would expand the ability of Americans to pursue the government in court for any ill effects suffered as a result of the government's surveillance activities.

This won't completely dismantle the NSA's programs but it will greatly reduce its domestic intelligence gathering. As Udall points out later in the conference, intelligence agencies will still be able to target terrorists and spies -- they just won't be able to sweep up non-targeted bulk collections of data on American citizens -- and they'll have to do better than simply claim the data might be "relevant."

As is now the new "normal," the backers of this bill are drawn from both parties. The NSA's overreach has managed to unite parties in a way the administration has been unable to do for nearly five years. As Wyden states, the narrow defeat of the NSA-defunding amendment proposed by Justin Amash was a "wakeup call" that demonstrated that many representatives were willing to cross party lines to protect civil liberties. That, in and of itself, is promising. But taking the first step as a bipartisan group should allow the bill's backers to draw support from both sides of the aisle, something that will greatly increase the chances of its success.